package com.hc.controller;

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

//基于注解的访问控制
/////////////////////////////////////////////////@EnableGlobalMethodSecurity(prePostEnabled = true)
@Slf4j
@RestController
@RequestMapping("/anno1")
public class AnnotationController1 {
    //只能user操作
    //antMatchers("user/do").hasRole("user");
    @PreAuthorize("hasRole('user')")
    @ResponseBody
    @GetMapping("/user/do")
    public String userDo() {
        log.info("userDo");
        return "userDo";
    }

    //只能admin操作
    //antMatchers("admin/do").hasRole("admin");
    @PreAuthorize("hasRole('admin')")
    @ResponseBody
    @GetMapping("/admin/do")
    public String adminDo() {
        log.info("adminDo");
        return "adminDo";
    }

    //所有人(user或admin)都能操作
    //antMatchers("all/do").hasAnyRole("user","admin");
    @PreAuthorize("hasAnyRole('user','admin')")
    @ResponseBody
    @GetMapping("/all/do")
    public String allDo() {
        log.info("allDo");
        return "allDo";
    }

    @PreAuthorize("hasAuthority('book:select')")
    @ResponseBody
    @GetMapping("/book/select")
    public String bookSelect() {
        log.info("bookSelect");
        return "bookSelect";
    }

    @PreAuthorize("hasAuthority('book:update')")
    @ResponseBody
    @GetMapping("/book/update")
    public String bookUpdate() {
        log.info("bookUpdate");
        return "bookUpdate";
    }

}
